First of all, thanks for this module. We really rely on it.
We've got a site with a complex permissions model: revisioning and Domain Access are already installed, and we're about to install TAC Lite. Even with Module Grants in place, we're getting node_access('view') returning TRUE, even when access to the node page itself is denied. So the file is being served, although its node shows a 403.
Looking into the menu router for "node/%", it turns out that its access callback is _revisioning_view_edit_access_callback(). While I haven't dug into quite how that callback manages to get the three permissions models to work together - especially given that Module Grants really ought to have that access callback - if I load the menu router item in filefield_file_download(), and use its access callback rather than node_access(), then everything works!
I'll attach a patch presently for discussion.
Comment | File | Size | Author |
---|---|---|---|
#2 | filefield-complex-permissions-model-1937282-2.patch | 1.06 KB | victoriachan |
#1 | filefield-complex-permissions-model-1937282-1.patch | 967 bytes | jp.stacey |
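
The check described in the post above, sketched as an added example: this is not the attached patch and not FileField's own code. The helper name `example_file_nodes_viewable()` is hypothetical, a bootstrapped Drupal 6 site is assumed, and as a stricter variant it requires both `node_access()` and the router item's access result instead of replacing one with the other.

```php
<?php
/**
 * Added example (hypothetical helper, not FileField's code or the patch).
 * Assumes a bootstrapped Drupal 6 site.
 *
 * Returns TRUE only if the current user may view at least one of the nodes
 * that reference the file, as judged by BOTH node_access() and the access
 * callback registered for the node page's menu router item.
 */
function example_file_nodes_viewable($nids) {
  foreach (array_unique($nids) as $nid) {
    $node = node_load($nid);
    if (!$node) {
      // Deleted or unloadable node: it grants nothing.
      continue;
    }

    // menu_get_item() runs the access callback that is registered for the
    // node page (whichever module has set it for node/%) against the
    // current user and stores the result in $item['access'].
    $item = menu_get_item('node/' . $node->nid);
    $page_viewable = !empty($item) && !empty($item['access']);

    // Require both checks, so that a permissive answer from either one
    // alone cannot release the file.
    if ($page_viewable && node_access('view', $node)) {
      return TRUE;
    }
  }

  // No referencing node is viewable for this user: fail closed.
  return FALSE;
}
```
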
Comments
Comment #1
jp.stacey commented:
Patch attached. I appreciate this is a complex case, so I'd love feedback.
Comment #2
victoriachan commented:
Adapted the patch for filefield 6.x-3.12